Revenge RAT is the most dominant malware in UAE- Check Point Research
Check Point Research (CPR), the Threat Intelligence arm of Check Point Software Technologies, a provider of cyber security solutions globally, has published its latest Threat Index for March 2022. Researchers reported that Revenge RAT, a Trojan that targets the Windows platform, is the most prevalent malware targeting 6 percent of UAE businesses, while Emotet reenlists to second place by impacting 5 percent of the organizations in the UAE.
Remote access trojans (RATs) are malware designed to allow an attacker to remotely control an infected computer. Once the trojan is running on a compromised system, the attacker can send commands to it and receive data back in response. Revenge RAT was the most prevalent malware in the UAE this month. It accepts commands from a remote server to collect system information, run/update files from links or disks, load plugins and close/restart the malware among other malicious activities. Additionally, it creates a Run key Registry entry on the infected system and a shortcut under the user’s Startup folder to achieve persistence.
Emotet, the self-propagating and modular trojan, is second in the top malware index for the UAE. Emotet distributes other malware or malicious campaigns and uses multiple methods for maintaining persistence and evasion techniques to avoid detection. Since its return in November last year and the recent news that Trickbot has shut down, Emotet has been strengthening its position as the most prevalent malware worldwide. This was solidified even further this month as many aggressive email campaigns have been distributing the botnet, including various Easter-themed phishing scams exploiting the buzz of the festivities. These emails were sent to victims all over the world with one such example using the subject “buona pasqua, happy easter” yet attached to the email was a malicious XLS file to deliver Emotet.
“In recent years, technology has advanced to the point where cybercriminals are increasingly relying on human trust to hack corporate networks. In the last six months, an organization in the United Arab Emirates has been targeted an average of 792 times per week, with 95 percent of malicious files delivered by email in the last 30 days,” said Ram Narayanan, Country Manager at Check Point Software, Middle East. “The fact that cyber criminals are using themed phishing emails around seasonal holidays to exploit the excitement surrounding the festivities to lure victims, is a proof that cyber criminals have become relentless in their actions. Revenge RAT has replaced the intensity with which Emotet attacked UAE businesses, so it is imperative that organizations take immediate action to avoid becoming the next victims.”
CPR also revealed this month that Healthcare is the number one most attacked industry in the UAE, followed by Finance/Banking and Retail/Wholesale industries. “Remote Code Execution” is now the most commonly exploited vulnerability, impacting 56% of organizations in the UAE, while “Information Disclosure” takes the second spot, impacting 54% of organizations. “Authentication Bypass” vulnerability keeps a hold of third place with a global impact of 44%.
Top Malware Families
*The arrows relate to the change in rank compared to the previous month.
This month, Revenge RAT is the most popular malware with a global impact of 6 % of organizations worldwide, followed by Emotet and Wasted Locker with an impact of 5% and both impacting 4% of organizations respectively.
1. ↑ Revenge RAT – Revenge RAT is a Trojan that targets the Windows platform. This malware accepts commands from a remote control server to collect system information, run/update file from link or disk, load plugins, close/restart the malware among other malicious activities. Additionally, it creates a Run key Registry entry on the infected system and a shortcut under the user’s Startup folder to achieve persistence.
2. ↑ Emotet – Emotet is an advanced, self-propagate and modular Trojan. Emotet once used to employ as a banking Trojan, and recently is used as a distributer to other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.
3. ↔ Wasted Locker – Wasted Locker is post-intrusion ransomware of the same ilk as Samsa, Maze, EKANS, Ryuk, BitPaymer. This type of ransomware differs from large-volume, victim-agnostic ransomware variants like WannaCry by targeting an organization perceived as having a large number of assets, successfully breaching it, and then deploying specially crafted ransomware to as many systems as possible within that organization in a short timeframe to maximize impact and increase chances of receiving a much larger ransom payment.
Check Point’s Global Threat Impact Index and its ThreatCloud Map is powered by Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, The Intelligence & Research Arm of Check Point Software Technologies.